diff --git a/flake.nix b/flake.nix index 5743396..8560557 100644 --- a/flake.nix +++ b/flake.nix @@ -39,6 +39,15 @@ let inherit (self) outputs; system = "x86_64-linux"; + overlays = { outputs, ... }: { + nixpkgs.overlays = with outputs.overlays; [ + additions + modifications + unstable-packages + stable-packages + nur.overlay + ]; + }; # helper function to create a machine mkHost = { modules, specialArgs ? { pkgsVersion = nixpkgs-unstable; @@ -50,15 +59,7 @@ modules = modules ++ [ ./modules agenix.nixosModules.default - ({ outputs, ... }: { - nixpkgs.overlays = with outputs.overlays; [ - additions - modifications - unstable-packages - stable-packages - nur.overlay - ]; - }) + overlays ] ++ lib.lists.optionals (!minimal) [ specialArgs.home-manager-version.nixosModules.home-manager ] ++ lib.lists.optionals (!minimal && graphical) [ @@ -71,6 +72,21 @@ ]; specialArgs = specialArgs // { inherit inputs outputs; }; }; + mkStableServer = { modules, specialArgs ? { + pkgsVersion = nixpkgs; + home-manager-version = home-manager; + }, system ? "x86_64-linux", minimal ? false }: + let lib = specialArgs.pkgsVersion.lib; + in specialArgs.pkgsVersion.lib.nixosSystem { + inherit system; + modules = modules ++ [ + ./modules + agenix.nixosModules.default + overlays + ] ++ lib.lists.optionals (!minimal) + [ specialArgs.home-manager-version.nixosModules.home-manager ]; + specialArgs = specialArgs // { inherit inputs outputs; }; + }; in flake-utils.lib.eachDefaultSystem (system: { packages = import ./pkgs { pkgs = nixpkgs-unstable.legacyPackages.${system}; }; 
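Review bot: `mkStableServer` in the third hunk re-implements most of `mkHost` (the `./modules`/agenix/`overlays` module list, the home-manager optional, the `specialArgs // { inherit inputs outputs; }` merge), so every future change to that shared list has to be made twice; if `graphical` is a parameter of `mkHost` (its signature starts above the hunk) the helper can be a thin wrapper, `mkStableServer = args: mkHost ({ graphical = false; specialArgs = { pkgsVersion = nixpkgs; home-manager-version = home-manager; }; } // args);`. Either way the local `lib` is already `specialArgs.pkgsVersion.lib`, so the call can read `in lib.nixosSystem {` instead of spelling the path out again. A caller's `specialArgs` replaces the default set rather than merging with it, so any host that passes its own `specialArgs` must restate `pkgsVersion` and `home-manager-version` or `specialArgs.pkgsVersion.lib` fails at evaluation; merging the defaults under the caller's set would remove that footgun. `mkHost` has a header comment and the new helper has none; suggest `# like mkHost, but defaults to the stable nixpkgs/home-manager and never adds the graphical modules`.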
@@ -79,21 +95,6 @@ overlays = import ./overlays.nix { inherit inputs; }; nixosConfigurations = { - server = mkHost { - modules = [ - ./users/anon - ./modules/collections/server.nix - ./systems/server/configuration.nix - ]; - specialArgs = { - ## Custom variables (e.g. ip, interface, etc) - vars = import ./systems/userdata-default.nix - // import ./systems/server/userdata.nix; - pkgsVersion = nixpkgs; - home-manager-version = home-manager; - graphical = false; - }; - }; "kop-pc" = mkHost { modules = [ ./users/kopatz ./systems/pc/configuration.nix ]; }; @@ -123,26 +124,13 @@ nixos-hardware.nixosModules.dell-xps-15-7590-nvidia ]; }; - "mini-pc" = mkHost { - specialArgs = { - pkgsVersion = nixpkgs; - home-manager-version = home-manager; - graphical = false; - }; + "mini-pc" = mkStableServer { modules = [ ./users/anon ./systems/mini-pc/configuration.nix ]; }; - "mini-pc-proxmox" = mkHost { - specialArgs = { - pkgsVersion = nixpkgs; - home-manager-version = home-manager; - graphical = false; - }; + "mini-pc-proxmox" = mkStableServer { modules = [ ./users/anon ./systems/mini-pc-proxmox/configuration.nix ]; }; - # build vm -> nixos-rebuild build-vm --flake .#vm - "vm" = - mkHost { modules = [ ./users/vm ./systems/vm/configuration.nix ]; }; "wsl" = mkHost { modules = [ #"${nixpkgs}/nixos/modules/profiles/minimal.nix" @@ -154,7 +142,7 @@ }; #initial install done with nix run github:nix-community/nixos-anywhere/73a6d3fef4c5b4ab9e4ac868f468ec8f9436afa7 -- --flake .#adam-site root@ #update with nixos-rebuild switch --flake .#adam-site --target-host "root@" - "adam-site" = mkHost { + "adam-site" = mkStableServer { minimal = true; system = "aarch64-linux"; specialArgs = { @@ -171,6 +159,8 @@ ./systems/proxmox-test-vm/configuration.nix ]; }; + # build vm -> nixos-rebuild build-vm --flake .#vm + "vm" = mkHost { modules = [ ./users/vm ./systems/vm/configuration.nix ]; }; }; }; } 
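Review bot: In the `adam-site` hunk the host is switched to `mkStableServer` while still passing its own `specialArgs = {` (the set continues outside the hunk); because that set replaces the helper's default instead of merging with it, it must itself define `pkgsVersion` and `home-manager-version`, otherwise `specialArgs.pkgsVersion.lib` inside `mkStableServer` fails at evaluation — worth confirming on the lines that follow. The `mini-pc` and `mini-pc-proxmox` hosts in the previous hunk also lose the `graphical = false;` they used to pass through `specialArgs`, so any module that reads a `graphical` argument would now find it missing; either `mkStableServer` should inject `graphical = false` into `specialArgs`, or a comment on it should state that server hosts are built without the graphical modules and without that argument.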
diff --git a/modules/collections/laptop.nix b/modules/collections/laptop.nix index 483b47b..f207a18 100644 --- a/modules/collections/laptop.nix +++ b/modules/collections/laptop.nix @@ -41,7 +41,7 @@ }; }; - nixpkgs.config.permittedInsecurePackages = [ "electron-28.3.3" ]; + nixpkgs.config.permittedInsecurePackages = [ "electron-27.3.11" "electron-28.3.3" ]; programs.firejail.wrappedBinaries = with pkgs; let inherit (config.custom.misc.firejail) mk; in lib.mkMerge [ diff --git a/modules/collections/server.nix b/modules/collections/server.nix deleted file mode 100644 index 594b8fa..0000000 --- a/modules/collections/server.nix +++ /dev/null @@ -1,58 +0,0 @@ -{pkgs, ...}: -{ - imports = [ - ### Services ### - ../services/adguard.nix - ../services/github-runner.nix - ../services/gitolite.nix - # wait for https://github.com/NixOS/nixpkgs/pull/300228 - ../services/grafana.nix - #../services/nextcloud.nix - #../services/samba.nix - ../services/ssh.nix - ../services/step-ca.nix - ../services/syncthing.nix - #../services/syncthing.nix - ../services/wireguard.nix - ### Other Modules ### - #../games/palworld.nix - ../backup.nix - ../cron.nix - ../fail2ban.nix - ../firewall.nix - ../git.nix - ../hdd-spindown.nix - ../fail2ban.nix - ../logging.nix - ../motd.nix - ]; - - custom = { - cli-tools.enable = true; - tmpfs.enable = true; - static-ip = { - enable = true; - interface = "enp0s31f6"; - ip = "192.168.0.6"; - dns = "127.0.0.1"; - }; - nix = { - settings.enable = true; - }; - services = { - acme.enable = true; - nginx.enable = true; - kavita = { - enable = true; - dir = "/mnt/1tbssd/kavita"; - }; - }; - misc = { - docker.enable = true; - }; - hardware = { - firmware.enable = true; - ssd.enable = true; - }; - }; -} diff --git a/modules/firewall.nix b/modules/firewall.nix deleted file mode 100644 index 41c3461..0000000 --- a/modules/firewall.nix +++ /dev/null 
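Review bot: The `permittedInsecurePackages` line now allowlists two electron releases that nixpkgs marks as insecure, and nothing records which package needs them or when the entries can go; allowlists like this tend to outlive the package that required them. Add a comment naming the consumer and an exit condition, e.g. `# TODO(security): electron-27.3.11 / 28.3.3 are pulled in by <PACKAGE>; drop each entry once it moves to a supported electron` (placeholder, the consuming package is not visible in the hunk). Re-checking on each update whether the older pin is still needed keeps the list as narrow as possible, since every entry re-enables a build upstream considers end-of-life.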
@@ -1,9 +0,0 @@ -{ config, pkgs, lib, inputs, vars, ... }: -let - allowedUDPPortRanges = vars.udpRanges; -in -{ - networking.firewall.enable = true; - networking.firewall.allowedUDPPorts = [ 5000 ]; - networking.firewall.allowedUDPPortRanges = allowedUDPPortRanges; -} diff --git a/modules/hardware/nvidia.nix b/modules/hardware/nvidia.nix index 8133c06..286d78a 100644 --- a/modules/hardware/nvidia.nix +++ b/modules/hardware/nvidia.nix @@ -1,17 +1,26 @@ -{ lib, config, pkgs, ... }: -with lib; +{ lib, config, pkgs, inputs, pkgsVersion, ... }: let cfg = config.custom.hardware.nvidia; in { options.custom.hardware.nvidia = { - enable = mkEnableOption "Enables nvidia gpus"; + enable = lib.mkEnableOption "Enables nvidia gpus"; }; - config = mkIf cfg.enable { - # Enable OpenGL - hardware.graphics = { - enable = true; - enable32Bit = true; - }; + config = let + # the option was renamed in unstable + nvidiaOption = + if (pkgsVersion == inputs.nixpkgs-unstable) then { + hardware.graphics = { + enable = true; + enable32Bit = true; + }; + } else { + hardware.opengl = { + enable = true; + driSupport = true; + driSupport32Bit = true; + }; + }; + in lib.mkIf cfg.enable nvidiaOption // { boot.kernelParams = [ "nvidia-drm.fbdev=1" ]; services.xserver.videoDrivers = [ "nvidia" ]; hardware.nvidia = { diff --git a/systems/laptop/configuration.nix b/systems/laptop/configuration.nix index b683e63..35d1a6e 100644 --- a/systems/laptop/configuration.nix +++ b/systems/laptop/configuration.nix @@ -16,7 +16,7 @@ hardware.bluetooth.enable = true; # enables support for Bluetooth hardware.bluetooth.powerOnBoot = true; # powers up the default Bluetooth controller on boot - age.identityPaths = [ /home/kopatz/.ssh/id_ed25519 "/etc/ssh/ssh_host_ed25519_key" ]; + age.identityPaths = [ "/home/kopatz/.ssh/id_ed25519" "/etc/ssh/ssh_host_ed25519_key" ]; mainUser.layout = "at"; mainUser.variant = ""; # Bootloader. 
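Review bot: `in lib.mkIf cfg.enable nvidiaOption // {` parses as `(lib.mkIf cfg.enable nvidiaOption) // { … }` because function application binds tighter than `//`, so `boot.kernelParams`, `services.xserver.videoDrivers` and `hardware.nvidia` are merged next to the `_type`/`condition`/`content` fields of the `mkIf` wrapper rather than into its content; as far as I can tell the module system reads only `content` from such a value, so those settings would be silently dropped and the driver never configured. Parenthesize the merge, `in lib.mkIf cfg.enable (nvidiaOption // {`, and add the closing `)` where the config attribute set ends (outside the hunk); `lib.mkIf cfg.enable (lib.mkMerge [ nvidiaOption { … } ])` would work too. The `pkgsVersion == inputs.nixpkgs-unstable` test compares two whole flake-input attribute sets, which is fragile and evaluates more than it needs to; testing for the renamed option itself, `if options ? hardware.graphics then … else …` with `options` taken from the module arguments, follows the nixpkgs actually in use rather than which input was passed. The enclosing attribute set continues past the hunk.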
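Review bot: Turning `/home/kopatz/.ssh/id_ed25519` from a path literal into a string is a security fix that deserves a comment, because a path literal is copied into the world-readable Nix store as soon as it is interpolated into a string (agenix appears to build an `-i <path>` argument from `age.identityPaths`), which would expose the private key; suggest `# keep these as strings: a path literal would copy the key into the Nix store` above the line. If the path-literal form was ever deployed, the store on that host may still hold a copy of the key, so garbage-collecting the store and rotating the key would be prudent — hedged, since the deployment history is not visible here.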
diff --git a/systems/mini-pc-proxmox/configuration.nix b/systems/mini-pc-proxmox/configuration.nix
index 9461dbc..f617ac6 100644
--- a/systems/mini-pc-proxmox/configuration.nix
+++ b/systems/mini-pc-proxmox/configuration.nix
@@ -90,7 +90,6 @@
 enable = true;
 basePath = "/data/synced";
 };
-terraria.enable = true;
 };
 nftables.enable = true;
 cli-tools.enable = true;
diff --git a/systems/server/configuration.nix b/systems/server/configuration.nix
deleted file mode 100644
index c6c50c5..0000000
--- a/systems/server/configuration.nix
+++ /dev/null
@@ -1,94 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, pkgs, lib, inputs, ... }: - -let -shash = pkgs.writeShellScriptBin "shash" '' - nix hash to-sri --type sha256 $(nix-prefetch-url ''$1) -''; -in{ - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - ]; - - # Bootloader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - systemd.enableEmergencyMode = false; - - networking.hostName = "server"; # Define your hostname. - - # Set your time zone. - time.timeZone = "Europe/Vienna"; - - # Select internationalisation properties. - i18n.defaultLocale = "en_US.UTF-8"; - - i18n.extraLocaleSettings = { - LC_ADDRESS = "de_AT.UTF-8"; - LC_IDENTIFICATION = "de_AT.UTF-8"; - LC_MEASUREMENT = "de_AT.UTF-8"; - LC_MONETARY = "de_AT.UTF-8"; - LC_NAME = "de_AT.UTF-8"; - LC_NUMERIC = "de_AT.UTF-8"; - LC_PAPER = "de_AT.UTF-8"; - LC_TELEPHONE = "de_AT.UTF-8"; - LC_TIME = "de_AT.UTF-8"; - }; - - #### Sound and printing #### - # Enable CUPS to print documents. - #services.printing.enable = true; - - # Enable sound with pipewire. 
- #sound.enable = true; - #hardware.pulseaudio.enable = false; - #security.rtkit.enable = true; - #services.pipewire = { - # enable = true; - # alsa.enable = true; - # alsa.support32Bit = true; - # pulse.enable = true; - # If you want to use JACK applications, uncomment this - #jack.enable = true; - - # use the example session manager (no others are packaged yet so this is enabled by default, - # no need to redefine it in your config for now) - #media-session.enable = true; - #}; - - #### Packages #### - - # Allow unfree packages - nixpkgs.config.allowUnfree = true; - - environment.systemPackages = with pkgs; [ - nixos-option - wget - vim - tcpdump - dig - inputs.agenix.packages."x86_64-linux".default - btop - shash - restic - hdparm - openssl - unstable.e2fsprogs - mangal - # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - # wget - ]; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "23.05"; # Did you read the comment? - -} diff --git a/systems/server/hardware-configuration.nix b/systems/server/hardware-configuration.nix deleted file mode 100644 index 9824fbe..0000000 --- a/systems/server/hardware-configuration.nix +++ /dev/null 
@@ -1,68 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/1af836fb-ffef-4362-84af-bcb24d4db068"; - fsType = "ext4"; - options = [ - "defaults" - "noatime" - ]; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/B9EB-F6A4"; - fsType = "vfat"; - }; - - swapDevices = - [ { device = "/dev/disk/by-uuid/e4bf3959-4d3c-4980-82c1-c5ec2104ec93"; } - ]; - - fileSystems."/mnt/2tb" = - { device = "/dev/disk/by-uuid/99954059-3801-4abb-a536-0e7802a3e6b4"; - fsType = "ext4"; - options = ["defaults" "nofail"]; - }; - - fileSystems."/mnt/1tb" = - { device = "/dev/disk/by-uuid/fb0a94c2-95df-4f62-904e-695d372363e9"; - fsType = "ext4"; - options = ["defaults" "nofail"]; - }; - - fileSystems."/mnt/250ssd" = - { device = "/dev/disk/by-uuid/80163cf9-2030-4757-ada2-03db96184961"; - fsType = "ext4"; - options = ["defaults" "nofail" "noatime"]; - }; - fileSystems."/mnt/1tbssd" = - { device = "/dev/disk/by-uuid/801d9217-9c38-4ca8-914e-e31361603892"; - fsType = "ext4"; - options = ["defaults" "nofail" "noatime"]; - }; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 
- networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp6s0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/systems/server/userdata.nix b/systems/server/userdata.nix deleted file mode 100644 index 1a0f376..0000000 --- a/systems/server/userdata.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ - interface = "enp0s31f6"; - ipv4 = "192.168.0.6"; - dns = "127.0.0.1"; - wireguardIp = "192.168.2.1"; - wm = "startplasma-x11"; - udpRanges = [ - #{ - # from = 52000; - # to = 52100; - #} - ]; -} diff --git a/systems/server/wg-publickey b/systems/server/wg-publickey deleted file mode 100644 index c5c9d6a..0000000 --- a/systems/server/wg-publickey +++ /dev/null @@ -1 +0,0 @@ -vyHNUy97R1cvqEvElznPpFQtoqm7WUHnT96UP6Dquwc=